{CWoC} PatchAutomation and ZeroDayPatch with Patch Management 7.5 Native Support

Created: 23 Oct 2013 • Updated: 23 Oct 2013 | 9 comments
Ludovic Ferre's picture

I already reported here that the Patch Automation toolkit (ZeroDayPatch [1] and PatchAutomation [2]) can both operate on Patch Management Solution 7.5 [3]; however, this requires copying a specific version of Altiris.PatchManagementCore.Web.dll to the folder where the tool will be running.

So now that 7.5 is out I decided to make a 7.5 build that uses the GA code. This download doesn't bring new features or bug fixes; however, it should allow 7.5 users to work directly out of their fresh build and not worry about getting a 7.1 dll to get up and running with the tools.

A quick reminder for everyone on the dll dependency: to run, the tool uses the Workflow API provided by Patch Management. The API is implemented in Altiris.PatchManagementCore.Web.dll, which is normally located under "%programfiles%\Altiris\Patch Management\Core\Web\Bin".

[1] {CWoC} ZeroDayPatch: Patch Automation Tool for PMS 7.1 SP2

[2] {CWoC} PatchAutomation - Automated patching with Full Test Life-cycle

[3] {CWoC} ZeroDayPatch and PatchAutomation - 7.5 compatibility

 

Comments (9)

MrSoapsud's picture

Forgive me if I'm being stupid but the Automation tool looks like just what I'm looking for but I can't get my head around how to use it! The 7.1 pages referenced an SQL file - is that still necessary and if so, what do I do with it?

For the commands you've produced, am I right in thinking I put them in a folder with the dll mentioned and then just run the commands? Do I do this manually? I'm thinking that putting the commands with the right arguments (once I've worked out what they are!) in one or more batch files might simplify things?

Am I on the right lines?

Thanks

Ludovic Ferre's picture

Hello MrSoapsud,

The SQL is not necessary for default use, but you'll need it if you want to manage bulletins by vendor.

For the generic usage of the tool you can have the executable and dll in the same folder and run the command line via a Server Task in the SMP console.

In fact I would normally recommend running a few tasks (possibly in a job to avoid concurrency issues and deadlocks) to manage your critical, important or custom releases.

I am currently off-net, on a retreat of some kind. I'll be back real soon, and you sure will hear from me then ;-).

Ludovic FERRÉ
Principal Remote Product Specialist
Symantec

MrSoapsud's picture

Hi Ludovic,

Thanks for that - good to know I'm not way off target. However, I'm new to 7.x having been stuck on 6 for a long time. Can you point me at something simple about creating command line server tasks?

Thanks

Ludovic Ferre's picture

I can drive you through (names are provided here for simplicity but you're free to locate the tasks anywhere you want):

  • Open the SMP console
  • Navigate to Job and Task.
  • Create a new folder and name it 'Patch Automation'
  • In the new folder right-click 'New > Task'
  • Select a task of type 'Run script on server'
  • Add a name to the task and empty content
  • Click enter

Once you have the task you can put in the batch command to set the working directory to match your need and launch the executable with the desired command lines.

You can then schedule it to run daily or whenever you find suitable.

I am currently off-net, on a retreat of some kind. I'll be back real soon, and you sure will hear from me then ;-).

Ludovic FERRÉ
Principal Remote Product Specialist
Symantec

MichaelCiv's picture

Exactly what is the function of this? A video would be awesome!

MrSoapsud's picture

Hi again,

I'm really liking what I see from this package and like the idea of adding the ability to choose the vendor, which means I need the SQL file. Only trouble is I don't know what to do with it! Please explain that bit for this mere mortal!!

Thanks

Martin

Ludovic Ferre's picture

MichaelCiv,

There's a video on the Zero Day Patch inside the workflow system. We follow a similar process, without the email part. So you could start there:

Workflow Template - Zero Day Patch

Martin,

You need to download the SQL file CWoC_GetAllBulletins and run it against your Symantec_CMDB (that's the default SMP database name).

Once you have the procedure in place you can run command lines like this one:

ZeroDayPatch-v9.exe /severity=critical /custom-sp=cwoc_getallbulletins /vendor=mozilla

What's important here for you is the /custom-sp (you direct the tool to use a specific SQL procedure to get the list of bulletins) and the /vendor=mozilla (you benefit from the sp results to filter the bulletins by vendor name).

I am currently off-net, on a retreat of some kind. I'll be back real soon, and you sure will hear from me then ;-).

Ludovic FERRÉ
Principal Remote Product Specialist
Symantec

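One way to wrap the steps above into the script body of the server task, as an added example (not part of the CWoC toolkit or of any post in this thread): before launching the command line quoted above, it checks that the dll copied beside the executable is byte-identical to the one installed by Patch Management. The folder C:\PatchAutomation is hypothetical, and the script assumes the 7.5 build (where the copy is expected to match the server's own dll) and PowerShell 4.0 or later for Get-FileHash.

```powershell
# Added example: wrapper for a 'Run script on server' task.
# $ToolDir is a hypothetical folder holding the executable and the copied dll.
$ErrorActionPreference = 'Stop'

$ToolDir = 'C:\PatchAutomation'
$ToolExe = Join-Path $ToolDir 'ZeroDayPatch-v9.exe'   # executable name as used in the thread
$DllName = 'Altiris.PatchManagementCore.Web.dll'

# Install location given in the post. In a 32-bit host process
# $env:ProgramFiles resolves to the x86 folder, so adjust if needed.
$Installed = Join-Path $env:ProgramFiles "Altiris\Patch Management\Core\Web\Bin\$DllName"
$Copied    = Join-Path $ToolDir $DllName

# Fail early if any of the three files is absent.
foreach ($path in @($Installed, $Copied, $ToolExe)) {
    if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
        throw "Missing file: $path"
    }
}

# The tool loads the dll from its own folder, so a stale or replaced copy
# would run on the server in place of the vendor's code. Compare hashes.
$installedHash = (Get-FileHash -LiteralPath $Installed -Algorithm SHA256).Hash
$copiedHash    = (Get-FileHash -LiteralPath $Copied    -Algorithm SHA256).Hash

if ($installedHash -ne $copiedHash) {
    $iv = [System.Diagnostics.FileVersionInfo]::GetVersionInfo($Installed).FileVersion
    $cv = [System.Diagnostics.FileVersionInfo]::GetVersionInfo($Copied).FileVersion
    throw "dll mismatch: installed version $iv, copied version $cv. Re-copy the dll after upgrades."
}

# Set the working directory, then run the command line from the thread.
Set-Location -LiteralPath $ToolDir
& $ToolExe '/severity=critical' '/custom-sp=cwoc_getallbulletins' '/vendor=mozilla'

# Pass the tool's exit code back to the task (whether the tool sets a
# meaningful exit code is not stated on this page).
exit $LASTEXITCODE
```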
MrSoapsud's picture

Excellent - thanks very much Ludovic.

MichaelCiv,

Ludovic's program when run on an SMP 7.5 server will go through some or all of the patches and, depending on the conditions you use, stage them and target them at test, "validation" and production groups of machines. One or more commands which you can set up as tasks (haven't done that bit yet) will automate the whole staging and targeting process of Patch management which, when doing it by hand, is a bit tedious to say the least!

MrSoapsud's picture

Hi Ludovic,

I've noticed that your PatchAutomation program isn't picking up all the SourceForge updates for some reason. It does Tortoise-SVN, GIMP and Audacity but not VLC and Filezilla. Any reason for that you can think of? I'm using /severity=* and /patchall in my config file.

Thanks
